
D20958.diff

D20958.diff

diff --git a/src/applications/auth/data/PhabricatorAuthHighSecurityToken.php b/src/applications/auth/data/PhabricatorAuthHighSecurityToken.php
--- a/src/applications/auth/data/PhabricatorAuthHighSecurityToken.php
+++ b/src/applications/auth/data/PhabricatorAuthHighSecurityToken.php
@@ -1,3 +1,17 @@
<?php
-final class PhabricatorAuthHighSecurityToken extends Phobject {}
+final class PhabricatorAuthHighSecurityToken
+ extends Phobject {
+
+ private $isUnchallengedToken = false;
+
+ public function setIsUnchallengedToken($is_unchallenged_token) {
+ $this->isUnchallengedToken = $is_unchallenged_token;
+ return $this;
+ }
+
+ public function getIsUnchallengedToken() {
+ return $this->isUnchallengedToken;
+ }
+
+}
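Review bot: The new `$isUnchallengedToken` property and its accessors have no documentation, and the name alone does not say what the flag means for security decisions. Because it defaults to `false`, every token is treated as having passed a challenge unless a caller marks it, so any future path that issues a token without prompting would count as challenged unless it remembers to set the flag. I would add a docblock on the property, for example `True if this token was issued without an MFA prompt because the user has no auth factors; it is not evidence that an MFA check happened.`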
diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
@@ -493,7 +493,8 @@
// adds an auth factor, existing sessions won't get a free pass into hisec,
// since they never actually got marked as hisec.
if (!$factors) {
- return $this->issueHighSecurityToken($session, true);
+ return $this->issueHighSecurityToken($session, true)
+ ->setIsUnchallengedToken(true);
}
$this->request = $request;
diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
--- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
+++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
@@ -5152,12 +5152,14 @@
'an MFA check.'));
}
- id(new PhabricatorAuthSessionEngine())
+ $token = id(new PhabricatorAuthSessionEngine())
->setWorkflowKey($workflow_key)
->requireHighSecurityToken($actor, $request, $cancel_uri);
- foreach ($xactions as $xaction) {
- $xaction->setIsMFATransaction(true);
+ if (!$token->getIsUnchallengedToken()) {
+ foreach ($xactions as $xaction) {
+ $xaction->setIsMFATransaction(true);
+ }
}
}
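Review bot: The `if (!$token->getIsUnchallengedToken())` guard has no comment explaining why unchallenged tokens skip `setIsMFATransaction(true)`, even though it decides whether the transaction record claims an MFA check took place. A comment above the guard such as `// Only mark these as MFA transactions if the actor actually answered a challenge.` would make the intent clear to later editors. The guard also dereferences `$token` directly, which assumes `requireHighSecurityToken()` returns a token object on every path that does not throw; that method is outside this hunk, so this is worth confirming. The enclosing function begins and ends outside the hunk.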
